Commit f94f3e27 authored by Mark Andrews's avatar Mark Andrews

4581. [port] Linux: Add getpid and getrandom to the list of system

                        calls named uses for seccomp. [RT #44883]
parent 638c7c63
4581. [port] Linux: Add getpid and getrandom to the list of system
calls named uses for seccomp. [RT #44883]
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
......
......@@ -50,6 +50,10 @@ int scmp_syscalls[] = {
SCMP_SYS(fstat),
SCMP_SYS(epoll_ctl),
SCMP_SYS(gettimeofday),
SCMP_SYS(getpid),
#ifdef HAVE_GETRANDOM
SCMP_SYS(getrandom),
#endif
SCMP_SYS(unlink),
SCMP_SYS(socket),
SCMP_SYS(sendto),
......@@ -113,6 +117,10 @@ const char *scmp_syscall_names[] = {
"fstat",
"epoll_ctl",
"gettimeofday",
"getpid",
#ifdef HAVE_GETRANDOM
"getrandom",
#endif
"unlink",
"socket",
"sendto",
......@@ -182,6 +190,10 @@ int scmp_syscalls[] = {
SCMP_SYS(fstat64),
SCMP_SYS(epoll_ctl),
SCMP_SYS(gettimeofday),
SCMP_SYS(getpid),
#ifdef HAVE_GETRANDOM
SCMP_SYS(getrandom),
#endif
SCMP_SYS(unlink),
#ifndef ISC_PLATFORM_USETHREADS
SCMP_SYS(fcntl64),
......@@ -218,6 +230,10 @@ const char *scmp_syscall_names[] = {
"fstat64",
"epoll_ctl",
"gettimeofday",
"getpid",
#ifdef HAVE_GETRANDOM
"getrandom",
#endif
"unlink",
#ifndef ISC_PLATFORM_USETHREADS
"fcntl64",
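Review bot: In both `scmp_syscalls[]` hunks and the matching `scmp_syscall_names[]` hunks, the `getrandom` entry is gated on `HAVE_GETRANDOM`, which configure sets from `AC_CHECK_FUNCS(getrandom)`. That check tests whether libc exports a `getrandom()` wrapper at build time, not whether the syscall can be issued at run time. A linked library that issues the syscall directly on a host whose libc lacks the wrapper would presumably still be stopped by the filter. Consider gating on the syscall number as well, e.g. `#if defined(HAVE_GETRANDOM) || defined(__NR_getrandom)` (assuming `<sys/syscall.h>` is in scope here), applied identically in all four lists. The two arrays look parallel and their bodies continue outside the hunks, so a comment such as `/* keep scmp_syscalls[] and scmp_syscall_names[] in the same order, #ifdef blocks included */` would also help.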
......
......@@ -254,6 +254,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Build with GeoIP Country IPv6 support */
#undef HAVE_GEOIP_V6
/* Define to 1 if you have the `getrandom' function. */
#undef HAVE_GETRANDOM
/* Define to use gperftools CPU profiler. */
#undef HAVE_GPERFTOOLS_PROFILER
......
......@@ -11493,7 +11493,19 @@ yes)
;;
esac
#libseccomp sandboxing
for ac_func in getrandom
do :
ac_fn_c_check_func "$LINENO" "getrandom" "ac_cv_func_getrandom"
if test "x$ac_cv_func_getrandom" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_GETRANDOM 1
_ACEOF
fi
done
# Check whether --enable-seccomp was given.
if test "${enable_seccomp+set}" = set; then :
enableval=$enable_seccomp;
......
......@@ -86,7 +86,9 @@ yes)
;;
esac
#libseccomp sandboxing
AC_CHECK_FUNCS(getrandom)
AC_ARG_ENABLE(seccomp,
AS_HELP_STRING([--enable-seccomp],[enable support for libseccomp system call filtering [default=no]]))
case "$enable_seccomp" in
......